VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

File information
Safety rating:77
Behavior list
Basic Information
MD5:cda4a0582495e90c0b05ae86f241cb17
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C# / Basic .NET
Subfile information:HPWASH.exedumpFile / e6e94a5306413438c86a96118c23aa0b / EXE
HPWASH.exe / e6e94a5306413438c86a96118c23aa0b / EXE
Key behavior
Behavior description:直接获取CPU时钟
details:EAX = 0xbff39b04, EDX = 0x00000038
File behavior
Behavior description:查找文件
details:FileName = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorwks.dll
FileName = C:\Windows\Microsoft.NET\Framework\v4.0.40305\mscorwks.dll
Other behavior
Behavior description:打开事件
details:HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description:检测自身是否被调试
details:IsDebuggerPresent
Behavior description:窗口信息
details:Pid = 2580, Hwnd=0x3018c, Text = 确定, ClassName = Button.
Pid = 2580, Hwnd=0x2018a, Text = 若要运行此应用程序,您必须首先安装 .NET Framework 的以下版本之一: v4.0.30319 有关如何获取 .NET Framework 的适当版本的说明,请与应用程序发行者联系。, ClassName = Static.
Pid = 2580, Hwnd=0x60190, Text = HPWASH.exe - .NET Framework 初始化错误, ClassName = #32770.
Behavior description:直接获取CPU时钟
details:EAX = 0xbff39b04, EDX = 0x00000038
Behavior description:打开互斥体
details:Local\MSCTF.Asm.MutexDefault1
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号